Important issues to consider
The QuickTime vulnerability on Windows highlights a few important issues regarding cyber security and older software.
Are security updates available?
Uninstalling QuickTime isn’t merely a temporary measure that will protect you until a new security update gets released. Although Apple contains to provide support and updates for QuickTime run on Mac OS X, they’re no longer coming out with security updates for QuickTime on Windows. The program for Windows is essentially abandoned; there’s no reason to keep it on your computer.
Whatever software you run on your computer, make sure it’s still supported. Without software updates, which often include patches for security vulnerabilities, you’re stuck running older versions of a program. Older software is usually riddled with security holes, leaving you vulnerable to all kinds of attacks. With malicious code, hackers can shut down your system, wipe out your hard drive, and steal or tamper with data.
How much time does it take you to respond to security alerts?
Whenever you hear about a new vulnerability, you must respond as soon as possible. Hackers operate quickly to exploit known weaknesses in a software program. Along with attending to news of known vulnerabilities, you should also stay alert to any decisions companies make to discontinue software support. Even if the company doesn’t make an official announcement, check when they’ve last updated a program and confirm its status. Apple, for instance, didn’t issue this latest warning; a federal agency did. You can’t always wait for a software company to inform you about a problem.
To stay on top of cyber security alerts, it’s best to rely on dedicated IT support. IT professionals will review the software you’ve installed on your devices and ensure that it’s protected and up-to-date. People who use Windows may not even realize they still have QuickTime installed on their device. Furthermore, a program may work safely and effectively on one kind of device or system, but not on another. It’s important to make these distinctions when deciding how to react to a cyber security threat.
Within hours of receiving this alert, we were able to send a command to uninstall QuickTime AND block it from ever running again, on over 4,000 windows computers that are currently under our White Mountain Managed IT service agreements. So even if a user manages to unintentionally resinstall QuickTime, our system will prevent it from runining and will send an alert to let us know.
Are you taking a layered approach to cyber security?
These recent QuickTime vulnerabilities involve malicious code that can execute once people visit a certain website or opened an infected file. Although hackers can sometimes attack a system without the need for user interaction, in many cases, they rely on people to perform a specific action in order to launch a malware attack. Remain cautious about files and links sent via email, and take care when you’re browsing the Internet to avoid unfamiliar sites.
Other defenses include an ongoing security awareness training program, updated anti-malware programs, firewalls, and Internet browsers that can detect and warn you about potentially corrupted sites. Your cyber security defenses should involve layers of protection, combining state-of-the-art software and safe computing habits.
Want to see if your IT provider has really protected you from this threat?
Try this simlple test;
- Check to see if QuickTime has been removed by checking add/remove programs on your office pcs. (if you find it, they have failed to protect you from this threat)
If you are not sure, and don’t want to risk running a test, just give us a call and we can help you determine if you current provider is proactively managing your systems to protect your business.
Please contact us to further discuss protecting your system from cyber security vulnerabilities. It’s important to respond immediately to security threats by updating or uninstalling problematic software. This latest Homeland Security alert is yet another reminder that older software poses a danger to your data and system, and that even a program you rarely use may undermine your cyber security defenses.